flightvoucher.com-voucher.online
216.137.61.219
Malicious Activity!
Public Scan
Effective URL: http://flightvoucher.com-voucher.online/surveys/AU/jet/7/?oid=606&xc=982
Submission: On October 19 via manual from AU
Summary
This is the only time flightvoucher.com-voucher.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 | 91.192.43.154 | 15960 (GLOBALACCESS) |
1 | 52.208.119.205 | 16509 (AMAZON-02 - Amazon.com) |
2 | 13.113.215.156 | 16509 (AMAZON-02 - Amazon.com) |
5 | 216.137.61.219 | 16509 (AMAZON-02 - Amazon.com) |
2 | 2a00:1450:4001:806::200a | 15169 (GOOGLE - Google Inc.) |
3 | 216.137.61.227 | 16509 (AMAZON-02 - Amazon.com) |
1 | 216.137.61.244 | 16509 (AMAZON-02 - Amazon.com) |
2 | 2a00:1450:4001:806::2003 | 15169 (GOOGLE - Google Inc.) |
13 | 5 | |
ASN | PTR | Domains |
---|---|---|
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-52-208-119-205.eu-west-1.compute.amazonaws.com | trk.aus-mail02.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-13-113-215-156.ap-northeast-1.compute.amazonaws.com | offerlink02.com, aff-track.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | server-216-137-61-219.fra2.r.cloudfront.net | flightvoucher.com-voucher.online |
ASN15169 (GOOGLE - Google Inc., US) | | fonts.googleapis.com, ajax.googleapis.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | server-216-137-61-227.fra2.r.cloudfront.net | flightvoucher.com-voucher.online |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | server-216-137-61-244.fra2.r.cloudfront.net | flightvoucher.com-voucher.online |
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | com-voucher.online | flightvoucher.com-voucher.online | 133 KB |
2 | gstatic.com | fonts.gstatic.com | 40 KB |
2 | googleapis.com | fonts.googleapis.com, ajax.googleapis.com | 33 KB |
1 | aff-track.com (1 redirects) | aff-track.com | 716 B |
1 | offerlink02.com (1 redirects) | offerlink02.com | 290 B |
1 | aus-mail02.com (1 redirects) | trk.aus-mail02.com | 1 KB |
1 | adviseoffers.com (1 redirects) | news.adviseoffers.com | 272 B |
13 | 7 | | |
| Domain | Requested by |
---|---|---|
9 | flightvoucher.com-voucher.online | flightvoucher.com-voucher.online |
2 | fonts.gstatic.com | flightvoucher.com-voucher.online |
1 | ajax.googleapis.com | flightvoucher.com-voucher.online |
1 | fonts.googleapis.com | flightvoucher.com-voucher.online |
1 | aff-track.com | 1 redirects |
1 | offerlink02.com | 1 redirects |
1 | trk.aus-mail02.com | 1 redirects |
1 | news.adviseoffers.com | 1 redirects |
13 | 8 | |
This site contains links to these domains. Also see Links.
Domain |
---|
123trackinglink.com |

Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.googleapis.com | Google Internet Authority G2 | 2017-10-10 - 2017-12-29 | 3 months | crt.sh |
*.google.com | Google Internet Authority G2 | 2017-10-10 - 2017-12-29 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://flightvoucher.com-voucher.online/surveys/AU/jet/7/?oid=606&xc=982
Frame ID: 7762.1
Requests: 13 HTTP requests in this frame
Detected technologies
- Amazon S3 (Miscellaneous). Detected patterns: headers server /AmazonS3/i
- Google Font API (Font Scripts). Detected patterns: html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
- jQuery (JavaScript Libraries). Detected patterns: script /\/([\d.]+)\/jquery(?:\.min)?\.js/i ; script /jquery.*\.js/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://news.adviseoffers.com/re?l=D0Ie3n9nmI4621222I1 HTTP 302
- http://trk.aus-mail02.com/aff_c?offer_id=2202&aff_id=1468&file_id=10879 HTTP 302
- http://offerlink02.com/?a=1&oc=1566&c=984&s1=1468&s2=1020d702248aba7f3c32ae1de331c1&s3=2202 HTTP 302
- http://aff-track.com/?a=1&oc=1566&c=984&s1=1468&s2=1020d702248aba7f3c32ae1de331c1&s3=2202&ckmguid=45919745-4f0a-490e-a880-2993172839cd HTTP 302
- http://flightvoucher.com-voucher.online/surveys/AU/jet/7/?oid=606&xc=982 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request, Redirect Chain) | flightvoucher.com-voucher.online/surveys/AU/jet/7/ | 3 KB | 1 KB | Document | text/html |
GET | H/1.1 | lander1.css | flightvoucher.com-voucher.online/surveys/AU/jet/7/_files/ | 7 KB | 2 KB | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 528 B | 306 B | Stylesheet | text/css |
GET | H/1.1 | normalize.css | flightvoucher.com-voucher.online/surveys/AU/jet/7/_files/ | 7 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | voucher.png | flightvoucher.com-voucher.online/surveys/AU/jet/7/_files/images/ | 23 KB | 23 KB | Image | image/png |
GET | H/1.1 | check.png | flightvoucher.com-voucher.online/surveys/AU/jet/7/_files/images/ | 1 KB | 1 KB | Image | image/png |
GET | H/1.1 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.11.0/ | 94 KB | 33 KB | Script | text/javascript |
GET | H/1.1 | gotoURL.js | flightvoucher.com-voucher.online/ | 910 B | 910 B | Script | application/javascript |
GET | H/1.1 | landing.js | flightvoucher.com-voucher.online/surveys/AU/jet/7/_files/ | 2 KB | 958 B | Script | application/javascript |
GET | H/1.1 | questions.js | flightvoucher.com-voucher.online/surveys/AU/jet/7/_files/ | 2 KB | 739 B | Script | application/javascript |
GET | H/1.1 | bg.jpg | flightvoucher.com-voucher.online/surveys/AU/jet/7/_files/images/ | 101 KB | 101 KB | Image | image/jpeg |
GET | H2 | zhcz-_WihjSQC0oHJ9TCYC3USBnSvpkopQaUR-2r7iU.ttf | fonts.gstatic.com/s/montserrat/v11/ | 35 KB | 20 KB | Font | font/ttf |
GET | H2 | IQHow_FEYlDC4Gzy_m8fcvEr6Hm6RMS0v1dtXsGir4g.ttf | fonts.gstatic.com/s/montserrat/v11/ | 35 KB | 20 KB | Font | font/ttf |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.